> > Why don't you use IPSec? Or as second best solution TCP MD5? > > Both are supported by OpenBGPD and give you more protection that > > playing > > around with the IP TTL. > > Hum... some people rather like such options.... I rather like using > TCP MD5 or IPSec...
IPsec is not widely supported and md5 causes timeout detection problems. TTL security check is a way to have a small but quite efficient protection. Obviously, everyone will prefer one or the other way, but there are arguments for TTL check as for others. BR, -- Sylvain COUTANT ADVISEO http://www.adviseo.fr/ http://www.open-sp.fr/
